National Institute of Information Technology, Bangalore

Technosoft
Technology Solutions
Project Report

Submitted by:
Santosh Kumar Nayak
S100040300077

Submitted to:
LINI MATHEW

Technosoft Technology Solutions Page 1


Candidate’s Declaration

I hereby declare that the work presented in this project proposal entitled “Technosoft
Technology Solutions” submitted towards compilation of 2nd semester of GNIMS at
National Institute of Information Technology, Bangalore. I have tried my best to make
the complicated process of “Technosoft Technology Solutions” project as simple as
possible using Active Directory, UFS.

Santosh Kumar Nayak

Place: Bangalore

Date:

Certificate

This is to certify that the project work entitled “Technosoft Technology Solutions” is
being carried out for compilation of 2nd semester project of NIIT, Bangalore. The
above declaration made by me is genuine and correct to the best of my knowledge and
belief.

Coordinator:

Table of contents:
• Declaration
• Certificate
• Introduction
• Identifying Hardware & Software requirements
• Diagram of the Network
• Diagram after Implementation
• Installation of AD CS
• Installation of NAP
• Installation of AD RMS
• Installation of AD FS
• UFS Snapshot
• Bibliography

Introduction:
Technosoft Technology Solutions offers business and IT services to corporations
around the world. It has recently acquired an assignment to provide an IT solution for
Woodgrove Bank. Woodgrove Bank has a heterogeneous environment (running
multiple Windows operating systems as well as Solaris 10 operating systems) with 10
server computers supporting around 1000 workstations and laptops. Its headquarters is
located in Los Angeles, with branch offices in Denver and San Diego. The branch
offices are connected to the headquarters through a T1 line connection. The domains of
the Los Angeles and Denver offices should be responsible for providing centralized
authentication and authorization services to all the user and computer accounts in
their regions. In addition, the regional domains should be able to resolve name
resolution queries for all computers located in their region.

Identifying Hardware and Software requirements
To meet Technosoft’s policy and demands, the following are required for the
network infrastructure.

Software requirements:

• Windows Server 2008, Active Directory enabled
• Windows XP (for client systems)
• Windows Vista (for client systems)
• Solaris 10 OS (for back systems)
• Microsoft Office 2007 application
• Active Directory services such as AD FS, AD RMS and AD CS
• NAP (Network Access Protection)

Hardware requirements:
For Windows server:

• Processor: Recommended 2 GHz
• Memory: 2 GB or more
• Disk Space: Recommended 60 GB or more
• Optical Drive: DVD-ROM
• Display: SVGA (800x600) or higher
• Peripherals: Keyboard, mouse
• Others: PXE-supported motherboard

For Solaris server:

• Processor: 1 GHz or more
• Memory: 1 GB or more
• Disk Space: 40 GB or more, tape drives depending on data backup
• Peripherals: Keyboard, mouse
• Others: BIOS-supported DVD drive and PXE BIOS

[Figure: Logical Diagram. Labels: NorthwindTraders, Los Angeles, Denver, San Diego]

[Figure: Diagram after Implementation. Labels: WoodgroveBank; Federation Trust; Windows Server 2008 installed system with AD DS, AD FS, AD RMS, AD CS; Windows Server 2008 installed system with AD FS; T1 Line Connection (two links); Denver; San Diego; Windows Server 2008 installed system with AD RMS and NAP; Solaris 10 installed system]

Implementation of AD CS and NAP:
To enhance security and protect the network at the headquarters, we need to install
AD CS and NAP on the server. AD CS (Active Directory Certificate Services) provides
customizable services for creating and managing public key certificates used in
software security systems that employ public key technologies. It gives organizations
a cost-effective, efficient and secure way to manage the distribution and use of
certificates.

To set up AD CS on the server:

1. Log on to the headquarters server as an administrator.

2. Click Start, point to Administrative Tools, and then click Server Manager.

3. In the Roles Summary section, click Add roles.

4. On the Select Server Roles page, select the Active Directory Certificate
Services check box. Click Next two times.

5. On the Select Role Services page, select the Certification Authority check box,
and then click Next.

6. On the Specify Setup Type page, click Enterprise, and then click Next.

7. On the Specify CA Type page, click Root CA, and then click Next.

8. On the Set Up Private Key and Configure Cryptography for CA pages, you can
configure optional configuration settings, including cryptographic service
providers. However, for basic testing purposes, accept the default values by
clicking Next twice.

9. In the Common name for this CA box, type the common name of the CA,
RootCA1, and then click Next.

10. On the Set the Certificate Validity Period page, accept the default validity
duration for the root CA, and then click Next.

11. On the Configure Certificate Database page, accept the default values or
specify other storage locations for the certificate database and the certificate
database log, and then click Next.

12. After verifying the information on the Confirm Installation Options page, click
Install.

13. Review the information on the confirmation screen to verify that the
installation was successful.

NAP is a system health policy-enforcement platform built into Windows XP Service
Pack 3 and later versions of Windows. It helps protect private network assets
by enforcing compliance with system health requirements. NAP lets administrators
create customized health requirement policies to validate computer health before
allowing access or communication. Network Access Protection (NAP) is a system
designed to protect networks from clients which are not deemed to be secure or
healthy (to use Microsoft's terminology). When NAP is implemented, clients without
the required level of "health" are directed to a remediation server where the necessary
updates may be obtained to bring the system into compliance with the Network
Access policy of the network. In addition, the user may also be directed to a web page
providing details of why access to the network has been declined and outlining the
steps necessary to remedy the problem.

To install the NPS role service:

1. In Server Manager, under Roles Summary, click Add Roles, and then click
Next.
2. On the Select Server Roles page, select the Network Policy and Access
Services check box, and then click Next twice.
3. On the Select Role Services page, select the Network Policy Server check box,
and then click Next.
4. On the Confirm Installation Selections page, click Install.
5. On the Installation Results page, verify that the installation was successful, and
then click Close.

Implementation of AD RMS and AD FS:
The branch office at Denver uses an SAP application to store and help protect
confidential information. The branch office needs a solution to help protect sensitive
information, making it available only to authorized users. For the authorization
service in the Denver branch, we need to install AD RMS on the server.

To install the AD RMS Server Role:

1. Log on to the server on which you want to install AD RMS.
2. Open Server Manager. Click Start, point to Administrative Tools, and then
click Server Manager.
3. In the Roles Summary box, click Add Roles.
4. Read the Before You Begin section, and then click Next.
5. On the Select Server Roles page, select the Active Directory Rights
Management Services box.
6. The Role Services page appears informing you of the AD RMS dependent role
services and features. Make sure that Web Server (IIS), Windows Process
Activation Service (WPAS), and Message Queuing are listed, and then click
Add Required Role Services. Click Next.
7. Read the AD RMS introduction page, and then click Next.
8. On the Select Role Services page, verify that the Active Directory Rights
Management Server check box is selected, and then click Next.
9. Select the Create a new AD RMS cluster option, and then click Next.
10. Select the Use a different database server option, and then click Select.
11. Type the name of the computer that will be hosting AD RMS databases, and
then click OK.
12. In Database Instance, choose the appropriate instance, click Validate, and then
click Next.
13. On the Specify Service Account page, click Specify, type the domain user
account and password that should be used as the AD RMS service account,
click OK, and then click Next.
14. Ensure that the Use AD RMS centrally managed key storage option is selected,
and then click Next.
15. Type a strong password in the Password box and in the Confirm password box,
and then click Next.
16. Choose the Web site where the AD RMS Web services will be installed, and
then click Next. In a default installation, the name of the Web site should be
Default Web Site.
17. As a best security practice, the AD RMS cluster should be provisioned by using
an SSL-encrypted connection. Select the Use an SSL-encrypted connection
(https://) option.
18. Type the fully-qualified domain name of the AD RMS cluster in the Internal
Address box, and then click Validate. If you want to change the default port on
which AD RMS communicates, you can do that on this page of the wizard as
well. If validation succeeds, the Next button will become active. Click Next.
19. Select the Choose an existing certificate for SSL encryption option, click the
appropriate certificate or click Import to import the certificate, and then click
Next.
20. Type a name that will help you identify the AD RMS cluster in the Friendly
name box, and then click Next.
21. Ensure that the Register the AD RMS service connection point now option is
selected, and then click Next to register the AD RMS service connection point
(SCP) in Active Directory Domain Services (AD DS).
22. Read the Introduction to Web Server (IIS) page and then click Next.
23. Click Next again, leaving the Web server defaults.
24. Click Install to provision AD RMS on the computer. It can take up to 60
minutes to complete the installation.
25. Click Finish.

26. Log off from the server, and then log back on to update the permissions granted
to the logged on user account. The user account that is logged on when the
AD RMS server role is provisioned is automatically made a member of the
AD RMS Enterprise Administrators group. A user must be a member of that
group to administer AD RMS.

Woodgrove Bank has partnered with a company, NorthwindTraders, which is based in
Los Angeles, to extend its customer base and profits. It needs a solution that gives
the users at Bluewells solutions access to the applications hosted on it while
maintaining a separate directory structure for both organizations. So, here we need
to implement the trust between headquarter and

Active Directory Federation Services (AD FS) is a feature in the Windows Server
2003 R2, Windows Server 2008, and Windows Server 2008 R2 operating systems that
provides Web single-sign-on (SSO) technologies to authenticate a user to multiple,
related Web applications over the life of a single online session. AD FS accomplishes
this by securely sharing digital identity and entitlement rights across security and
enterprise boundaries. You can use Active Directory Federation Services (AD FS) to
enable efficient and secure online transactions between partner organizations that
are joined by federation trust relationships. In other words, a federation trust is the
embodiment of a business-level agreement or partnership between two organizations.

To install the AD FS:

1. Download the AD FS 2.0 software by saving the AdfsSetup.exe setup file onto
the computer.
2. Locate the AdfsSetup.exe setup file that you downloaded to the computer, and
then double-click it.
3. On the Welcome to the AD FS 2.0 Setup Wizard page, click Next.
4. On the End-User License Agreement page, read the license terms.
5. If you agree to the terms, select the I accept the terms in the License Agreement
check box, and then click Next.
6. On the Server Role page, select one of the following options, depending on the
role for which you will configure this computer.
   ◦ To install AD FS 2.0 and to begin the process of configuring it for the
     federation server role, select Federation server, and then click Next.
   ◦ To install AD FS 2.0 and begin the process of configuring it for the
     federation server proxy role, select Federation server proxy, and then
     click Next.

7. On the Install Prerequisite Software page, click Next.

After you click Next, you see the Installing AD FS 2.0 page.

8. On the Completed the AD FS 2.0 Setup Wizard page, verify that the Restart
now checkbox is selected, and then click Finish to restart the computer.

UFS Snapshot:
A recurring problem when taking backups is keeping the state of the backup
consistent. The UFS snapshot feature provides administrators with an online
backup solution for UFS file systems. This utility creates a point-in-time copy of
a UFS file system, called a snapshot, from which an online backup can be taken.
We can create the backup while the file system is mounted and the system is in
multi-user mode. A UFS snapshot occupies only as much disk space as needed. We use
the fssnap command to create, query and delete temporary read-only snapshots of UFS
file systems.

The format for the fssnap command is:

/usr/sbin/fssnap -F FSType -V -o special_option mount-point | special
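
The snapshot, dump and delete cycle described above, as an added example that is not part of the original report. The mount point /export/home, backing-store directory /var/tmp, tape device /dev/rmt/0 and the dry-run snapshot device /dev/fssnap/0 are assumed values, and the function name snap_backup is hypothetical.

```shell
#!/bin/sh
# Added example (not from the report): back up a mounted UFS file system from
# a read-only snapshot. All paths and device names are assumed values.

DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands only, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# snap_backup MOUNT_POINT BACKING_STORE_DIR DUMP_TARGET  (hypothetical helper)
snap_backup() {
    mnt=$1; bs=$2; target=$3
    if [ -z "$mnt" ] || [ -z "$bs" ] || [ -z "$target" ]; then
        echo "usage: snap_backup mount-point backing-store dump-target" >&2
        return 2
    fi
    # The backing store must live on a different file system than the one
    # being snapshotted. This is a path-prefix heuristic, not a df lookup.
    case "$bs/" in
        "$mnt"/*) echo "backing store $bs lies inside $mnt" >&2; return 3 ;;
    esac

    if [ "$DRY_RUN" = 1 ]; then
        echo "/usr/sbin/fssnap -F ufs -o bs=$bs $mnt"
        snapdev=/dev/fssnap/0      # constructed placeholder device name
    else
        # On success fssnap prints the block device of the new snapshot.
        snapdev=$(/usr/sbin/fssnap -F ufs -o bs="$bs" "$mnt") || return 4
    fi
    rawdev=/dev/rfssnap/${snapdev##*/}   # raw device that ufsdump reads

    # Level-0 dump of the frozen image, then always delete the snapshot so
    # the backing store stops growing as the live file system changes.
    rc=0
    run /usr/sbin/ufsdump 0f "$target" "$rawdev" || rc=$?
    run /usr/sbin/fssnap -d "$mnt" || rc=$?
    return $rc
}

# Dry-run demonstration with assumed values; prints the three commands.
snap_backup /export/home /var/tmp /dev/rmt/0
```

Set DRY_RUN=0 on the Solaris host to execute the commands instead of printing them.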

Limitation of the Project:
• Backup facilities can be incorporated
• AD DS must be installed on all the servers
• AD FS, AD CS, AD RMS must be installed on the appropriate server
• Communication bandwidth should be high
• Use certificate template while issuing CA
• Data communication has to be encrypted for secure transmission

Bibliography:

Books:
Windows Desktop Deployment (Jerry Honeycutt)

Website:
www.allmyfaves.com

www.microsoft.com
